WHAT IS CLAIMED IS: 



1 1 . A method for performing one or more service operations on a Fibre 

2 Channel, the method comprising: 

3 transferring an initiator frame through a Fibre Channel, the Fibre Channel 

4 being coupled to a security apparatus; 

5 receiving the initiator frame via a Fibre Channel interface at the security 

6 apparatus; determining header information from the initiator frame; 

7 extracting source information, destination information, and exchange 

8 information from the header information; 

9 retrieving at least one policy based upon at least the source information and 

10 the destination information, the policy being directed to setting up at least a flow associated 

1 1 with the initiator frame; 

12 associating a subsequent frame including an incoming payload with the flow 

13 associated with the initiator frame; 

14 processing an incoming payload associated with a subsequent frame and 

1 5 associated with the initiator frame; and 

1 6 transferring the processed payload through the Fibre Channel. 

1 2. The method of claim 1 wherein the policy is one of a plurality of 

2 policies stored in a rule database. 

1 3. The method of claim 1 wherein the policy is one of a plurality of 

2 policies stored in a rule content addressable module, the content addressable module being a 

3 content addressable memory. 

1 4. The method of claim 1 wherein the service is a security operation. 

1 5. The method of claim 1 wherein the initiator frame is associated with a 

2 read request and the policy is associated with a decryption process. 

1 6. The method of claim 1 wherein the initiator frame is associated with a 

2 write request and the policy is associated with an encryption process. 

1 7. The method of claim 1 wherein the policy is associated with an access 

2 control process. 



11 



1 8. The method of claim 1 wherein the policy is associated with a statistics 

2 process. 

1 9. The method of claim 1 wherein the policy is associated with a transport 

2 policy. 

1 10. The method of claim 1 wherein the processing is provided on a 

2 security action processor. 

1 1 1 . A method for performing a service operation on a Fibre Channel, the 

2 method comprising: 

3 transferring an initiator frame through a Fibre Channel, the Fibre Channel 

4 being coupled to a security apparatus; 

5 transferring one or more subsequent frames through the Fibre Channel after 

6 the initiator frame; 

7 receiving the initiator frame via a SCSI format through the Fibre Channel; 

8 determining header information from the initiator frame; 

9 extracting source information, destination information, and exchange 

10 information from the header information of the initiator frame; 

1 1 performing a look up operation on a look up table using a header information 

12 on the initiator frame; 

13 creating one or more flows based upon the header information of the initiator 

14 frame; and 

15 retrieving at least one policy based upon at least information in the header 

16 information; 

17 associating the one or more subsequent frames with the one or more flows 

1 8 based upon the header information of the initiator frame; 

19 processing an incoming payload associated with the one or more subsequent 

20 frames for at least intrusion detection; and 

21 transferring the processed payload of the one or more subsequent frames 

22 through the Fibre Channel. 

1 12. The method of claim 1 wherein the processing of the incoming payload 

2 is provided at wire speed. 
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1 13. The method of claim 1 wherein the processing of the incoming payload 

2 is at a speed of greater than 1 Gigabit per second. 

1 14. The method of claim 1 wherein the look up table is provided in a flow 

2 content addressable memory. 

1 15. The method of claim 4 wherein the processing of the incoming payload 

2 is provided at wirespeed, the processing comprising an encryption or a decryption process. 

1 16. A system for performing a service operation on a Fibre Channel, the 

2 system comprising: 

3 an interface coupled to a Fibre Channel; 

4 a classifier coupled to the interface, the classifier being adapted to receive an 

5 initiator frame from the interface; the classifier being adapted to determine header 

6 information from the initiator frame and being adapted to determine source information, 

7 destination information, and exchange information from the header information; 

8 a flow content addressable memory coupled to the classifier, the flow content 

9 addressable memory being configured to store one or more header information, each of the 

10 one or more header information being associated with a state; 

11 a rule content addressable memory coupled to the classifier, the rule content 

12 addressable memory being configured to store one of a plurality of policies; and 

13 a processing module coupled to the classifier, the processing module being 

14 adapted to process an incoming payload associated with the initiator frame and the header 

1 5 information. 

1 17. The system of claim 1 further comprising a statistics processor coupled 

2 to the classifier. 

1 18. The system of claim 1 further comprising a generic action processor 

2 coupled to the classifier. 

1 19. A transparent method for performing security operations on one or 

2 more Fibre Channels coupled to a communication network, the method comprising: 

3 transferring a frame through a Fibre Channel, the Fibre Channel being coupled 

4 to a security apparatus; 

5 receiving the frame at the security apparatus; 
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6 determining header information from the initiator frame; 

7 extracting source information, destination information, and exchange 

8 information from the header information; 

9 performing a look up operation on a look up table using a header information 

10 on the frame; 

1 1 creating one or more flows based upon the header information; and 

12 retrieving at least one policy based upon at least the source information and 

1 3 the destination information; 

14 processing an incoming payload associated with the initiator frame, the 

15 payload being derived from one or more subsequent frames; and 

16 transferring the processed payload through the Fibre Channel. 

1 20. The method of claim 1 wherein the processing of the incoming payload 

2 is provided at wire speed. 

1 21 . The method of claim 1 wherein the processing of the incoming payload 

2 is at a speed of greater than 1 Gigabit per second. 

1 22. The method of claim 1 wherein the look up table is provided in a flow 

2 content addressable memory. 

1 23. The method of claim 4 wherein the flow content addressable memory 

2 is provided with a predetermined size. 

1 24. The method of claim 1 wherein the incoming payload is provided on a 

2 responder frame. 

1 25. The method of claim 1 wherein the processing of the incoming payload 

2 is based upon the flow that was based upon the header information. 

1 26. The method of claim 1 wherein the processing is performed using at 

2 least the one policy. 
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